Comments (3)
Hi @MPV, thanks for the suggestion. Usually Syft only scans one image at a time and produces an SBOM for a particular image, as opposed to a set of images. Would it work for your use case if there was a higher-level script that extracted a list of images referred to in a Kubernetes manifest and then looped over each one with Syft to create a set of SBOMs?
@tgerla Yeah that also makes sense. I guess either solution also needs to be good (enough) at finding the image(s) from manifest(s).
Maybe there's something that's already good at that (and thus can just be combined with this), any ideas...?
I thought the easiest way might be with a jq query on the JSON version of the Kubernetes manifest. Here is a prototype bash script that you might start with: https://gist.github.com/tgerla/3065156018f697e0040e80bee8fe7daf
I've only tested this on one single manifest (below the script in the gist) and I'm not really familiar with the manifest format, but this might be a good start! There might be a more "kubernetes-style" way to do this. Hope it is useful!
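The approach tgerla describes, as an added example that is not the gist's script and not Syft's own code: a Python script (standard library only, standing in for the jq query) that walks the JSON form of a manifest, collects every image reference found in a `containers`, `initContainers` or `ephemeralContainers` list, and emits one `syft registry:<image> -o spdx-json` invocation per unique image. Matching on those keys while walking the whole object is what lets it cover Pods, Deployments, Jobs, CronJobs and `kind: List` without knowing each resource layout, which goes a bit beyond the single manifest the gist was tested on. The sample manifest, image names and all-zero digest are constructed placeholders; the script file name is hypothetical. It also flags references that are not digest-pinned, since an SBOM produced from a tag only describes what the registry served at scan time.

```python
"""Added example: list the container images a Kubernetes manifest (JSON form)
refers to and emit one Syft command per unique image.  Uses only the standard
library in place of jq; it is not Syft's code and not the gist's.

Usage:  python3 k8s_images_to_syft.py manifest.json [more.json ...] [--run]
        (file name is hypothetical; without --run the commands are only printed)
"""
import json
import shlex
import subprocess
import sys

# Pod-spec keys whose list elements are container specs.  Matching on these
# keys while walking the whole object means Pods, Deployments, StatefulSets,
# DaemonSets, Jobs, CronJobs (jobTemplate.spec.template...) and kind: List are
# all handled without encoding each resource layout.
CONTAINER_LIST_KEYS = ("containers", "initContainers", "ephemeralContainers")


def extract_images(manifest):
    """Return image references found under any containers-style list, in
    first-seen order with duplicates removed.  `manifest` is decoded JSON."""
    found = []

    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key in CONTAINER_LIST_KEYS and isinstance(value, list):
                    for container in value:
                        if isinstance(container, dict) and isinstance(container.get("image"), str):
                            found.append(container["image"])
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(manifest)
    return list(dict.fromkeys(found))


def is_digest_pinned(image):
    """True when the reference names a digest (repo@sha256:...).  A tag-only
    reference can resolve to a different image later, so its SBOM only
    describes whatever the registry served at scan time."""
    return "@sha256:" in image


def syft_command(image, output_format="spdx-json"):
    """argv for one Syft scan.  The registry: scheme makes Syft pull from the
    registry rather than look in a local daemon or directory."""
    return ["syft", f"registry:{image}", "-o", output_format]


# Constructed sample manifest (a kind: List with a Deployment and a CronJob);
# the image names and the all-zero digest are placeholders, not real images.
SAMPLE_MANIFEST = {
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {
            "apiVersion": "apps/v1",
            "kind": "Deployment",
            "metadata": {"name": "api"},
            "spec": {"template": {"spec": {
                "initContainers": [{"name": "migrate", "image": "busybox:1.36"}],
                "containers": [{"name": "api",
                                "image": "ghcr.io/example/api@sha256:" + "0" * 64}],
            }}},
        },
        {
            "apiVersion": "batch/v1",
            "kind": "CronJob",
            "metadata": {"name": "backup"},
            "spec": {"jobTemplate": {"spec": {"template": {"spec": {
                "containers": [{"name": "dump", "image": "busybox:1.36"},
                               {"name": "db", "image": "docker.io/library/postgres:16"}],
            }}}}},
        },
    ],
}


def sample_images():
    """Images from the constructed sample, for a quick self-check."""
    return extract_images(SAMPLE_MANIFEST)


def main(argv):
    run = "--run" in argv
    paths = [a for a in argv if a != "--run"]
    images = []
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            images.extend(extract_images(json.load(fh)))
    if not paths:
        images = sample_images()  # no files given: demonstrate on the sample
    for image in dict.fromkeys(images):
        if not is_digest_pinned(image):
            print(f"# {image}: not digest-pinned; SBOM reflects the tag's current target",
                  file=sys.stderr)
        cmd = syft_command(image)
        print(shlex.join(cmd))
        if run:
            subprocess.run(cmd, check=True)


if __name__ == "__main__":
    main(sys.argv[1:])
```

Feed it the output of `kubectl get ... -o json` or any JSON-rendered manifest; run without arguments and it prints the commands for the constructed sample. Pinning images by digest in the manifest is what makes the resulting SBOM set reproducible, which is why the script reports tag-only references on stderr.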